<?php

namespace App\Http\Middleware;

use Closure;

class CrossHttp
{
    /**
     * Handle an incoming request.
     * 跨域
     * @author yhs 2019.07.24
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        //$response = $next($request);
        // $origin = $request->server('HTTP_ORIGIN') ? $request->server('HTTP_ORIGIN') : '';
        // $allow_origin = [
        //     'http://localhost:8080',
        // ];
        // if (in_array($origin, $allow_origin)) {
        //     $response->header('Access-Control-Allow-Origin', $origin);
        //     $response->header('Access-Control-Allow-Headers', 'Origin, Content-Type, Cookie, X-CSRF-TOKEN, Accept, Authorization, X-XSRF-TOKEN');
        //     $response->header('Access-Control-Expose-Headers', 'Authorization, authenticated');
        //     $response->header('Access-Control-Allow-Methods', 'GET, POST, PATCH, PUT, OPTIONS');
        //     $response->header('Access-Control-Allow-Credentials', 'true');
        // }
        header('Access-Control-Allow-Origin: http://localhost:8080');
        header("Access-Control-Allow-Credentials: true");
        header("Access-Control-Allow-Methods: GET, POST, PATCH, PUT, OPTIONS");
        header("Access-Control-Allow-Headers: Origin, Content-Type, Cookie, X-CSRF-TOKEN, Accept, Authorization, X-XSRF-TOKEN");
        header("Access-Control-Expose-Headers: *");
        return $next($request);
    }
}
